Re: latest trends in email spam

I demand that Moe Trin may or may not have written...

[snip]
For example, mail you receive that your ISP's MTA says came from a host
without a name (seen in the Received: header), or from a host whose name
contains the letters 'dsl', 'client', 'dynamic', 'ppp' - these are most
generally zombie hosts being abused by spammers.

That may be, but you DO NOT use this and this alone for rejecting mail.
Checking through a few mailing lists to which I subscribe, I see legitimate
examples of some of the above. Checking what is claimed to have received the
message and the chain consistency is also important.

Look at the HELO or EHLO name that the host claimed to be when it connected
(also in the Received: header)- does it fit?

Could be spam, could be clueless user, could be competent user who simply
hasn't considered how his machine announces itself as an SMTP client...

I reject ALL mail that is in HTML,

Fair enough - usually. HTML as attachment rather than as primary content
comes to mind, though I'd expect that to be rare.

or has that string 'http://' anywhere in the body.

I see a lot of legitimate mail which has that.

[snip]
I finally managed to convince one to use PC-Pine instead of Lookout (which
was running in duplicate Text/HTML mode) when she discovered that her
outgoing mail ran _much_ faster on her dialup connection. Wonder why.

:-)

--
| Darren Salt | linux or ds at | nr. Ashington, | Toon
| RISC OS, Linux | youmustbejoking,demon,co,uk | Northumberland | Army
| + Output less CO2 => avoid massive flooding. TIME IS RUNNING OUT *FAST*.

A hermit is a deserter from the army of humanity.
.

Relevant Pages

  • Re: How to list the statement of all var ?
    ... > of an object when the question was about `var' statements? ... And as soon as i will test it for this particular host ... to use an Object object instead of an Array object. ...
    (comp.lang.javascript)
  • Re: Why is my IP Address (as shown by FWShow) not what Ive set up in Configure?
    ... >> In the Hosts file, I have 192.168.0.10 for the relevant host name. ... I thought it was a small chance, given that I'm trying to route to the 192 ... StevePotts at blastzone DOT demon STOP co DOT uk ...
    (comp.sys.acorn.networking)
  • Re: Pure and internal procedures
    ... to be determined serially, thereby, destroying any parallel operation. ... If two copies of the host are running, ... the net effect of all the constraints that are applied to the ... (snip on FORALL and DO CONCURRENT) ...
    (comp.lang.fortran)
  • Re: The Hunt & Humiliate Broke Men Agency
    ... Kumogakure states that illegitimacy implies a host of legal, moral, ... If you hold the two dimensional moral scope of a Western liberal the ...
    (soc.men)